Cisco is a perennial leader in delivering state-of-the-art firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced cybersecurity solution that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and respond to threats automatically. Progent's Cisco-certified CCIE-certified firewall consultants can assist you to design and carry out an efficient upgrade to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's subscription-based security services to build and centrally manage network ecosystems that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and debug legacy Cisco firewalls. Progent's certified network security consultants can assist you with policy creation driven by industry best practices in order to build a consistent cybersecurity profile across all your devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower NGFWs Firewalls provide a major performance improvement over Cisco's previous-generation ASA 5500-X firewalls and offer unified management and automation of advanced cybersecurity capabilities like application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, URL filtering, and sandboxing. For details about Cisco's Firepower line of NGFWs Firewalls, see Firepower firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls provide combined firewall, VPN, and IPS capabilities in single-box packages, delivering a wide array of features to match the security requirements of companies from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls allow IT security staffs to defend their network perimeter and provide secure offsite and mobile connectivity while using powerful management mechanisms based on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life (EOL) but are still widely used in small and mid-size businesses and in some larger networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's legacy firewall appliances, if properly maintained, continue to deliver a high level of security by supplying multiple features including firewall, IPsec VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure consultants can assist your organization to support and troubleshoot legacy ASA 5500 and PIX firewalls and can also help you to design and carry out an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, configure, optimize, manage and debug new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent can also assist your organization to migrate from your Cisco ASA 5500-X solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances features an enhanced substitute for every rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the identical environment as the corresponding previous models, which offers small and midsize businesses plenty of room for picking a firewall that meets their security requirements and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line provide dependable security across any combination of physical, virtual, and cloud deployments.
For more information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA security appliances, go to Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or physical modules that support Cisco's Firepower Services, which offer layered protection against sophisticated attacks. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Layered protection against familiar and new attacks
- Cisco's Advanced Malware Protection that uses big data to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, apps, and content to detect attacks that incorporate simultaneous vectors
- High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically activate standard and customized IPS policies based on the severity of risk
Firepower Services for ASA 5500-X firewalls offer advanced multi-layered protection
Simpler deployments of Cisco ASA firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM provides an easy-to-use web dashboard for deploying, managing, and troubleshooting ASA 5500-X firewalls and service modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be managed using Firepower Management Center, available as one or more physical or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a console that provides real-time infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco ASA 5500 Series Firewalls build on technology developed for Cisco's PIX 500 Series firewall, the Cisco IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a platform that defends against the broadest range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application security, network containment, and safe VPN functionality throughout the entire product portfolio. This breadth of protection allows defense of any network area, which includes the most typical attack vectors such as remote sites, LAN-attached internal users, and off-site connected VPNs.
The expandable architecture of the Cisco ASA 5500 Series allows you to add features by installing security service modules and security service cards (SSCs). These easy-to-install enhancements provide the option of adding Intrusion Protection and content protection functions like filtering virus, worms, and phishing attacks and performing file and web screening. In addition to allowing you to react rapidly to new threat vectors, the expandable architecture of the ASA 5500 family also protects your hardware investment by prolonging the useful life of your firewalls. The ASA 5500 family also leverages your investment in administrative staff education by utilizing the familiar library of PIX management tools and protocols such as the Cisco ASDM system, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances 5500 Series firewalls provide robust application security through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a more secure environment including Web, voice, and mobile wireless connectivity. To defend against application-layer attacks and to provide better control over the applications and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement solutions such as protocol anomaly detection and state monitoring. Also incorporated are assault detection and mitigation techniques such as application/protocol command filtering and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and preserve network bandwidth for important business processes.
For more details about Progent's support services for ASA 5500 security appliances, visit ASA 5500 firewalls integration and troubleshooting services.
PIX Firewall Appliances
Built around a tested, purpose-built OS that delivers rich security features, Cisco PIX security appliances offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX security appliances offer protection for a broad array of Voice over IP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a wide array of current and next-generation Voice over IP and video applications.
Cisco PIX firewall appliances feature a wealth of setup, tracking, and troubleshooting features, providing businesses the flexibility to use the techniques that most closely meet their requirements. Management solutions include centralized, policy-based administration tools, integrated web-based administration, and support for remote-monitoring standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful Web-accessible management solution that significantly streamlines the installation, ongoing modification, and tracking of a specific Cisco PIX firewall without the need of any additional utility other than an ordinary Web browser and Java applet to be running on an administrator's computer.
IT managers can also remotely set up, monitor, and analyze Cisco PIX security appliances using a CLI interface. Secure CLI interface communication is possible through several methods such as Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewalls also have dependable auto-update capabilities, a set of advanced secure remote-administration services that ensure security configurations and software images are kept up to date.
For more details about Progent's support services for PIX 500 firewalls, visit Cisco PIX 500 firewalls configuration and debugging support.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has stopped offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a key infrastructure component that may stop being supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls have the advantage of being current products and also bring a number of technical and financial benefits in comparison to PIX 500 firewalls. These benefits include significantly higher throughput, optional SSL VPN support, and an expandable design that guards your investment by enabling you to add more security services when and if you require them. Progent's Cisco certified network engineers can assist you to assess the strategic value of for upgrading from PIX or Cisco ASA 5500 firewalls, design a migration plan that allows for a fast and seamless changeover, assist your IT staff to install new ASA 5500-x or Firepower NGFW Series firewalls, and offer online, consulting, and troubleshooting services.
Additional Ways Progent Can Help You with Cisco Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX firewalls provide an array of setup, tracking, and troubleshooting options that offer you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE certified network experts can show you how to build an efficient infrastructure that incorporates Cisco security appliances and that provides advanced security, resilience, throughput, and recoverability. Progent's CISA and CISSP-ISSP-premier IS security engineers can assist you to create a security strategy that makes sense for your environment and can configure your security appliance to support your security policies. Progent's risk assessment experts can evaluate the strength of your existing firewall solution and validate the overall security of your entire IS environment. Progent’s Technical Response Center can deliver urgent online technical support for Cisco products and offer quick access to a Cisco network engineer.
To see additional details about Progent's professional help for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about consulting support for Cisco technology, phone 1-800-993-9400 or go to Contact Progent.